1. An enhanced message of the type transmitted by a message service center (C-SMS) to
a mobile station (MS) in a cellular radio communication system and having a header (1) and a
main body (2), with said main body (2) particularly having a first field (3) for storing the remote
commands pertaining to a remote application of the aforementioned mobile station;

said mobile station being constituted with a terminal cooperating with a subscriber
identity module, said terminal having a means for receiving said enhanced message, said
subscriber identity module having a means for storing and processing the received enhanced
message, and said subscriber identity module having a means for executing said remote
commands to support said remote application;

said enhanced message being characterized by the fact that said main body (2) also has a
second field (4) for storing the current value of a synchronization counter;

the current value of the synchronization counter being compared with the previous value
of the synchronization counter stored in the subscriber identity module so that said enhanced
message is accepted or rejected by the subscriber identity module corresponding to the result of
comparing the current value and the previous value of the synchronization counter, and said
previous value being updated by said current value only when the enhanced message is accepted
by the subscriber identity module.

2. The enhanced message described in Claim 1, characterized by the fact that the main
body (2) of said enhanced message also has a third field (5) for storing a first piece of locating
information indicating the location in said data storage means of the subscriber identity module
where said previous value of the synchronization counter is stored.

3. The enhanced message described in Claim 2, the data storage means of the subscriber
identity module having a hierarchical structure of at least three levels and having at least the
following three kinds of files:

• master file (MF), or primary directory;

• dedicated file (DF) or secondary directory located under said master file;

• elementary file (EF) located under said dedicated file known as parent dedicated file or
directly located under said master file known as parent master file;

an elementary system file (EF SMS System) suitable for said remote application having a
second piece of locating information indicating the location in the data storage means of the
subscriber identity module where said previous value of the synchronization counter is stored;

characterized by the fact that the first piece of locating information stored in said third
field (5) is an identifier for dedicated file (DF) or master file (MF) related to said elementary
system file (EF SMS System) depending on a predetermined search strategy in the data storage
means.

4. The enhanced message described in any of Claims 1-3, characterized by the following
facts: said main body also has a fourth field (6) for storing ciphertext known as transmitted
ciphertext, calculation of which at least partially includes the content of the second field storing
the current value of the synchronization counter;

said transmitted ciphertext is compared with another ciphertext known as local ciphertext
as calculated by the subscriber identity module such that said enhanced message is accepted by
the subscriber identity module if the transmitted ciphertext is the same as the local ciphertext and
is rejected otherwise.

5. The enhanced message described in Claim 4, characterized by the fact that calculation
of said transmitted and local ciphertext at least partially includes the content of the first field (3)
storing the remote commands.

6. The enhanced message described in Claim 5, characterized by the fact that calculation
of said transmitted and local ciphertext at least includes all the content of the second field (4)
storing the current value of the synchronization counter and all the content of the first field (3)
storing the remote commands.

7. The enhanced message described in any of Claims 1-6, characterized by the fact that
said transmitted and local ciphertext are calculated by using a cryptographic function
belonging to the group of

• secret key cryptographic functions; and

• public key cryptographic functions.

8. The enhanced message described in any of Claims 1-7, said subscriber identity module
storing a cryptographic function and an associated key specific to said remote application in the
data storage means of the subscriber identity module to calculate said local ciphertext,
characterized by the fact that the main body of said enhanced message also has a fifth field (5)
storing a third piece of locating information indicating the location in said data storage means
where said cryptographic function and said associated key specific to said remote application are
stored.

9. The enhanced message described in Claim 2 or 8, characterized by the fact that said
third field (5) also constitutes said fifth field, and said first piece of locating information also
constitutes said first piece of locating information.

10. The enhanced message described in any of Claims 1-9, said main body also having a
sixth field (7) storing a checksum known as transmitted checksum, calculation of which at least
partially includes the content of the first field (3) storing remote commands,

characterized by the fact that said transmitted checksum is compared with another
checksum known as local calculation total calculated by the subscriber identity module such that
said enhanced message is accepted by the subscriber identity module if the transmitted checksum
is the same as the local checksum and is rejected otherwise.

11. The enhanced message described in any of Claims 1-10, characterized by the fact that
said subscriber identity module has an input/output line and receives local commands belonging
to a local application in said mobile station on said input/output line, and

said remote commands included in the first field (3) of said enhanced message are
virtually the same as said local command received by the input/output line.

12. A method for synchronizing and ensuring security of enhanced messages exchanged
between a message service center (C-SMS) and a mobile station (MS) of a cellular radio
communication system, wherein each enhanced message has a header (1) and a main body (2),
said main body (2) particularly has a first field (3) for storing the remote commands pertaining to
a remote application of the aforementioned mobile station;

said mobile station is constituted with a terminal cooperating with a subscriber identity
module, said terminal has a means for receiving said enhanced message, said subscriber identity
module has a means for storing and processing the received enhanced message, and said
subscriber identity module has a means for executing said remote commands to support said
remote application;

said method particularly having the following steps:

• said message service center sends an enhanced message that also has a second field (4)
storing the current value of a synchronization counter in the main body to said mobile station
(61);

• the subscriber identity module of the mobile station compares the current value of the
synchronization counter included in said enhanced message with the previous value of the
synchronization counter stored in the subscriber identity module (65:85);

• the subscriber identity module accepts (67) or rejects (66) said enhanced message
depending on the result of comparing the current value with the previous value of the
synchronization counter;

• the subscriber identity module updates said previous value by said current value if the
enhanced message is accepted (86).

13. The method described in Claim 12, characterized by the fact that the current value of
the synchronization counter is incremented by a certain amount for each new enhanced message
of said remote application transmitted by said message service center, and

said enhanced message is accepted by the subscriber identity module only when the
current value of said synchronization counter is larger than said previous value.

14. The method described in Claim 12 or 13, characterized by the fact that said step of
updating the previous value of the synchronization counter by the current value is carried out
only when the difference between the current value and the previous value is smaller than a
prescribed maximum incrementation.

15. The method described in any of Claims 12-14, characterized by also having the
following step:

• if said enhanced message is rejected by the subscriber identity module (66), the
subscriber identity module will send an enhanced message including a specific error code that
can notify the message service center of the fact that the enhanced message it just transmitted has
been rejected due to the synchronization problem of the counter to the message service center
(87).

16. The method described in any of Claims 12-15, wherein the main body (2) of said
enhanced message transmitted by the message service center to the mobile station also has a
third field (5) storing a first piece of locating information indicating the location in said data
storage means where said previous value of the synchronization counter is stored,
characterized by the fact that the following steps are carried out before the subscriber identity
module compares the current value and the previous value of the synchronization counter (85):

• the subscriber identity module reads the first piece of locating information stored in the
third field of said enhanced message (82);

• the subscriber identity module deduces the previous value of the synchronization
counter from the piece of locating information (83);

• the subscriber identity module reads the previous value of the synchronization counter
stored at the aforementioned location (84).

17. The method described in any of Claims 12-16, wherein said enhanced message (2)
transmitted by the message service center to the mobile station also has a fourth field (6) storing
a ciphertext known as transmitted ciphertext calculated by at least partially using the content of
the second field (4) storing the current value of the synchronization counter,

characterized by also having the following steps:

• the subscriber identity module at least partially uses the content of the second field (4)
in said enhanced message to calculate a local ciphertext (92);

• the subscriber identity module compares said transmitted ciphertext with said local
ciphertext (93) such that said enhanced message is accepted if the transmitted ciphertext is the
same as the local ciphertext and is rejected otherwise.

18. The method described in any of Claims 12-17, wherein said subscriber identity
module stores a cryptographic function and an associated key specific to said remote application
in the data storage means of the subscriber identity module to calculate said local ciphertext, and

said enhanced message transmitted by the message service center to the mobile station
also has a fifth field (5) storing a third piece of locating information indicating the location in
said data storage means where said cryptographic function and said associated key specific to
said remote application are stored,

characterized by the fact that the aforementioned step of calculating the local ciphertext
by the subscriber identity module (92) has the following steps:

• the subscriber identity module reads said third piece of locating information stored in
the fifth field (5) of said enhanced message (94);

• the subscriber identity module deduces the storage locations of said cryptographic
function and said associated key from the piece of locating information;

• the subscriber identity module uses said cryptographic function and said associated key
as well as at least part of the content of the second field (4) in said enhanced message to calculate
said local ciphertext (96).

19. The method described in Claim 16 or 18, wherein the data storage means of the
subscriber identity module has a hierarchical structure of at least three levels and having at least
the following three kinds of files:

• master file (MF), or primary directory;

• dedicated file (DF) or secondary directory located under said master file;

• elementary file (EF) located under said dedicated file known as parent dedicated file, or
directly located under said master file known as parent master file,

characterized by the following facts:

an elementary system file (EF SMS System) suitable for said remote application has a
second piece of locating information indicating the location in the data storage means of the
subscriber identity module where said previous value of the synchronization counter is stored;

said third field (5) also constitutes said fifth field, and said first piece of locating
information also constitutes said third piece of locating information;

the first piece of locating information stored in said third field (5) is an identifier for
dedicated file (DF) or master file (MF) related to said elementary system file (EF SMS System)
depending on a predetermined search strategy in the data storage means.

20. The method described in any of Claims 12-19, wherein, preferably, the main body (2)
of said enhanced message transmitted by the message service center to the mobile station also
has a sixth field (7) storing a checksum known as transmitted checksum, calculation of which at
least partially includes the content of the first field (3) storing remote commands,

characterized by also having the following steps:

• the subscriber identity module uses at least part of the content of the first field (3) in
said enhanced message to calculate a local checksum (72);

• the subscriber identity module compares said transmitted checksum with said local
checksum such that said enhanced message is accepted if said transmitted checksum is the same
as the local checksum and is rejected otherwise (73).

Detailed explanation of the invention

Enhanced short message and method for synchronizing and ensuring security of
enhanced short messages exchanged in a cellular radio communication system

The present invention belongs to the field of messages exchanged in a cellular radio
communication system. In general, these messages are exchanged between a message service
center and a plurality of mobile stations. Each mobile station is constituted with a terminal
cooperating with a user card formed by a microprocessor known as a subscriber identity module
(or SIM).

More specifically, the present invention pertains to a special structure for enhanced
messages and to a method for synchronizing and ensuring the security of exchanging the
enhanced messages having the aforementioned structure.

The GSM standard (global system for mobile public communications operating in the
900 MHz band) is known in the field of cellular radio communication, especially in Europe.

The present invention is particularly applied to systems depending on said GSM standard
but is not limited to that.

In general, a terminal is a physical device used by a user to access the telecommunication
service provided by a network. There are various kinds of terminals, such as portable terminals,
mobile terminals, and vehicle-mounted terminals.

When a user uses a terminal, he (or she) must connect a chip card type user card (SIM) of 
his (or her) own to the terminal. 

The user card supports its own operation and a principal application (such as a GSM
application) of telephone that can operate the terminal to which it is connected in a cellular radio
communication system. In particular, the user card provides a unique identifier (or IMSI,
"International Mobile Subscriber Identity") of the subscriber to the terminal to which it is
connected.

Therefore, the user card has command execution means (such as a microprocessor and
program memory) and data storage means (such as data memory).

The IMSI identifier and all of the personal information regarding the subscriber used by
the terminal are stored in the data storage means of the SIM. In this way, each terminal can be
used with any SIM.

In a known specific system, especially the GSM system, there is a message service (or
SMS, "Short Message Service") that can transmit messages (known as short messages in the case
of GSM) to mobile stations. These messages are sent out by a message service center (or SMS-C,
"SMS-Center").

When a certain mobile station receives a message, it stores the message in the data
storage means of its SIM. The principal telephone application of each SIM can process the
received message.

Originally, the only function of a message was to provide information to a subscriber through
the display screen of a terminal. Therefore, the message known as standard message used for
realizing said only function only includes raw data.

Then, an enhanced message (or ESMS, "Enhanced SMS") that can send two kinds of
messages, that is, the aforementioned standard message and commands, was designed.

Consequently, it has been already proposed that commands that can update or reconstruct
said SIM remotely are transmitted to the SIM via enhanced message. In other words, the
commands encapsulated in enhanced messages can change the principal telephone application of
the SIM. In this way, it is possible to reconstruct a SIM without taking it to a retail shop (thus,
management commands can be executed in the SIM when it is in the application stage).

It has also been proposed to use SIMs to support other applications, such as rental car,
payment, and loyalty applications, in addition to the principal telephone application.

Since the commands belonging to said other applications are included in the enhanced
messages and are thus outside the SIM, said other applications are known as remote or OTA
("Over the Air") applications. On the other hand, the principal telephone application stored in the
data storage means of the SIM is known as the local application. The commands are known as
local or remote commands depending on whether an application is a local or remote application.

The remote applications (rental, payment, reconstructing the principal telephone
application, etc.) can be executed in accordance with the aforementioned remote commands.

It is clear that this recent remote application concept (or OTA application) is very
beneficial to the subscribers. The subscribers can carry out various applications, such as renting a
car or making a payment, very easily by simply using a terminal into which the subscriber's SIM
is inserted.

In other words, the SIM can execute some applications other than the application it
usually carries out (that is, more commands) once it is in the application stage, that is, once it is
inserted into the cellular phone of a user.

Special security is required as a result of said increase in the operation capacity of the
SIM. In fact, this mechanism, as an additional entrance gate into the SIM, should be able to
prevent anybody from performing any operation that is usually prohibited for that person in the
SIM.

The special security requirements associated with use of enhanced messages particularly
include resynchronization, uniqueness of each message, integrity of each message, authenticity
of the sender, and the like.

In fact, it is desired that resynchronization can be achieved between the message source
and SIM when a transmission problem occurs in the network. Due to unpredictable transmission
of the enhanced message channel, it is actually impossible to guarantee the routing of the enhanced
message or the routing order of a plurality of enhanced messages.

The requirement on the uniqueness of each message can prevent replay of a message either
accidentally (a transmission channel that traces enhanced message may actually send the same
message several times to the same SIM) or intentionally (that is, with a purpose of fraud, for
example, repeatedly executing the same sequence of commands, such as commands enabling
recrediting of a prepaid telephone usage counter in the SIM, in the SIM).

The requirement on the integrity of each message can prevent modification of a message
either accidentally (also depending on the transmission channel between the message service
center and the mobile station) or intentionally (with the idea of modifying a message to execute
other actions more sensitive than those predetermined by the message source).

The requirement on the authenticity of the sender can reliably confirm the permission of
sending the enhanced message. In fact, this remote application mechanism must be specially
reserved for specific senders (such as operations and service providers).

The recent remote application concept being implemented currently, however, does not
meet all of the aforementioned specific security requirements.

In fact, the only scheme that has been proposed so far is to introduce a checksum into 
each enhanced message and run a secret code prompt type check procedure before executing the 
remote commands included in the enhanced message. 

Clearly, this solution is incomplete and thus unsatisfactory. 

First of all, the use of a checksum, considered as a relatively basic solution, can only
ensure that the message is transmitted correctly.

Second of all, the procedure for secret code check cannot provide sufficient security
guarantee if an enhanced message is intercepted. In fact, since the authentication information does
not vary for each message, it is easy for a person without permission to replay a message; that is,
it is easy for an improperly intercepted message to pass as an authentic one.

Finally, the known solution cannot fully satisfy the aforementioned other requirements,
that is, the requirements regarding resynchronization and integrity of the message.

The objective of the present invention is to solve the various problems of the
conventional technology.



More specifically, one of the objectives of the present invention is to provide a method
for synchronizing and ensuring security of exchange of enhanced messages and a corresponding
enhanced message structure that can resynchronize the message source and the SIM when a
transmission problem occurs in a network.

Another objective of the present invention is to provide an enhanced message method and
structure for guaranteeing the uniqueness of each transmitted enhanced message.

Yet another objective of the present invention is to provide an enhanced message method
and structure for guaranteeing the integrity of each transmitted enhanced message.

A supplementary objective of the present invention is to provide an enhanced message
method and structure for guaranteeing the authenticity of the enhanced message sender.

The aforementioned various objectives and other objectives to be described later are
realized by the present invention by using a type of enhanced message transmitted by a message
service center to a mobile station in a cellular radio communication system. The enhanced
message has a header and a main body, and said main body particularly has a first field storing
remote commands belonging to a remote application of said mobile station.

Said mobile station is constituted with a terminal cooperating with a subscriber identity
module. Said terminal has a means for receiving said enhanced message. Said subscriber identity
module has a means for storing and processing the received enhanced message, and said
subscriber identity module has a means for executing said remote commands to support said
remote application.

Said enhanced message is characterized by the fact that said main body also has a second
field for storing the current value of a synchronization counter.

The current value of the synchronization counter is compared with the previous value of
the synchronization counter stored in the subscriber identity module so that said enhanced
message is accepted or rejected by the subscriber identity module corresponding to the result of
comparing the current value and the previous value of the synchronization counter, and said
previous value is updated by said current value only when the enhanced message is accepted by
the subscriber identity module.

In this way, synchronization between the message service center and the subscriber
identity module (or SIM) is based on the use of the counter shared between them. Each message
sent to the SIM includes the current value of its synchronization counter. That current value is
distinguished for each message. On the other hand, the SIM stores the previous value of the
synchronization counter and compares it with the current value included in each message to
accept or reject the message.

If a problem occurs when transmitting a message, the SIM can be resynchronized with
the message source starting from the next message. This is because the current value of the
synchronization counter is included in each message.

If the SIM has a plurality of remote applications, each of them can be combined with
another synchronization counter. In this case, the SIM stores the previous values of different
counters.

Preferably, the main body of said enhanced message also has a third field storing a first 
piece of locating information indicating the location in said data storage means where said 
previous value of the synchronization counter is stored. 

This is particularly advantageous when the SIM includes a plurality of remote
applications. In this case, when a message is received, the SIM will know which synchronization
counter to use depending on the content of the third field.

The data storage means of the subscriber identity module has a hierarchical structure of at
least three levels and having at least the following three kinds of files:

• master file, or primary directory;

• dedicated file or secondary directory located under said master file;

• elementary file located under said dedicated file known as parent dedicated file or
directly located under said master file known as parent master file.

An elementary system file (EF SMS System) suitable for said remote application has a
second piece of locating information indicating the location in the data storage means of the
subscriber identity module where said previous value of the synchronization counter is stored.

In this specific embodiment of the present invention, the enhanced message is
characterized by the fact that the first piece of locating information stored in said third field is an
identifier for the dedicated file or the master file related to said elementary system file depending
on a predetermined search strategy in the data storage means.

Consequently, each message includes an identifier enabling the SIM to find the basic
system file to which the remote application sending said message is linked. This basic system file
particularly includes the previous value of the synchronization counter associated with the
remote application that sends said message.

Preferably, said main body also includes a fourth field for storing ciphertext known as
transmitted ciphertext, calculation of which at least partially includes the content of the second
field storing the current value of the synchronization counter.

Said transmitted ciphertext is compared with another ciphertext known as local ciphertext
as calculated by the subscriber identity module such that said enhanced message is accepted by
the subscriber identity module if the transmitted ciphertext is the same as the local ciphertext and
is rejected otherwise.

In other words, uses of the synchronization counter and the cip^ In
this way, the security for exchanging messages between the message service center and the SIM
can be improved. The use of the ciphertext enables the SIM to confirm that the message
transmission source is a truly authorized source (also known as the authenticity of the sender)
and to confirm the integrity of the message.

Additionally, since calculation of the current value of the counter is included in the
calculation of the ciphertext, there is a synergistic effect between the use of the synchronization
counter and the use of the ciphertext.

First of all, since the current value of the counter is different for each message, it is
impossible to replay the same message improperly. In other words, the uniqueness of each message
can be guaranteed this way.

Also, since the current value of the counter is included in the message, the SIM knows
which current value has been used to calculate the ciphertext so that the comparative ciphertext
(local ciphertext) can be calculated on the same basis.

Finally, since the current value of the counter in the message is transmitted, even if the
message transmitted previously has not been received (or has not arrived), it can guarantee that
the received message will be accepted.

Advantageously, the content of the first field storing the remote commands is at least
partially included in the calculation of said transmitted and check ciphertext.

According to an advantageous embodiment of the present invention, calculation of said
transmitted and local ciphertext at least includes all the content of the second field storing the
current value of the synchronization counter and all the content of the first field storing the
remote commands. In this way, the security can be improved.

Preferably, said transmitted and local ciphertext are calculated by using a cryptographic
function belonging to the group of

• secret key cryptographic functions; and

• public key cryptographic functions.

In this way, the present invention is not limited to use of a specific type of cryptographic
function.

Preferably, said subscriber identity module stores a cryptographic function and an 
associated key specific to said remote application in the data storage means of the subscriber 
identity module so that it is possible to calculate said local ciphertext. 

Said enhanced message is characterized by the fact that the main body of said enhanced
message also has a fifth field storing a third piece of locating information indicating the location
in said data storage means where said cryptographic function and said associated key specific to
said remote application are stored.

This is particularly beneficial in the case when the SIM supports a plurality of remote
applications, each of which is associated with different pairs (cryptographic function, key) or in
the case when the SIM stores different pairs associated with said different applications. In this
case, when a certain message is received, the content of the fifth field can be used so that the
SIM knows which pair (cryptographic function, key) to use.

According to a recommended embodiment of the present invention, said third field also
constitutes said fifth field, and said first piece of locating information also constitutes said third
piece of locating information.

In this way, the content of the third field can tell the SIM not only which synchronization
counter to use but also which pair (cryptographic function, key) to use.

Advantageously, said main body also has a sixth field storing a checksum known as
transmitted checksum, calculation of which at least partially includes the content of the first field
storing remote commands.

Said transmitted checksum is compared with another checksum known as a local
calculation total calculated by the subscriber identity module such that said enhanced message is
accepted by the subscriber identity module if the transmitted checksum is the same as the local
checksum and is rejected otherwise.

An additional level of security can be constituted by using said checksum. In this way, a
message modified accidentally can be quickly rejected without carrying out the cryptographic
calculation.

Additionally, if the possibility of stopping the ciphertext check and the counter check
under specific conditions is predicted, the "hash field" alone can guarantee that message would
not be varied accidentally or intentionally although the guarantee has a very relative level. Of
course, however, that possibility must be limited to a configuration in which the logic security
linked to the remote application restricts the possible operation in the SIM.

Advantageously, said subscriber identity module has an input/output line and receives
local commands belonging to a local application in said mobile station on said input/output line.

Said remote commands included in the first field of said enhanced message are virtually
the same as said local command received by the input/output line.

In this way, the SIM can manage two kinds of commands, that is, local command and
remote command, without the necessity of duplicating the executable codes of the SIM (in
general, the codes in ROM and/or EEPROM).

The present invention also provides a method for synchronizing and ensuring security of
enhanced messages exchanged between a message service center and a mobile station (MS) of a
cellular radio communication system, wherein each enhanced message has a header and a main
body, and said main body particularly has a first field for storing the remote commands
pertaining to a remote application of the aforementioned mobile station.

Said mobile station is constituted with a terminal cooperating with a subscriber identity
module. Said terminal has a means for receiving said enhanced message. Said subscriber identity
module has a means for storing and processing the received enhanced message, and said
subscriber identity module has a means for executing said remote commands to support said
remote application.

Said method is characterized by particularly having the following steps:

• said message service center sends an enhanced message that also has a second field
storing the current value of a synchronization counter in the main body to said mobile station;

• the subscriber identity module of the mobile station compares the current value of the
synchronization counter included in said enhanced message with the previous value of the
synchronization counter stored in the subscriber identity module;

• the subscriber identity module accepts or rejects said enhanced message depending on
the result of comparing the current value with the previous value of the synchronization counter;

• the subscriber identity module updates said previous value by said current value if the
enhanced message is accepted.

Preferably, the current value of the synchronization counter is incremented by a certain
amount for each new enhanced message of said remote application transmitted by said message
service center.

Also, said enhanced message is accepted by the subscriber identity module only when the
current value of said synchronization counter is larger than said previous value.

In other words, in order to prevent replay of a message, the newest current value must be
larger than the value included in the last accepted message (that is, the previous value stored in
the SIM).

Preferably, said step of updating the previous value of the synchronization counter by the
current value is carried out only when the difference between the current value and the previous
value is smaller than a prescribed maximum incrementation.

In this way, the counter can be prevented from being locked at its maximum value too
quickly; in other words, the service life of the counter is extended, and the attack of quickly
locking the SIM with the counter reaching its maximum value can be prevented. This is because
the counter cannot be reset by the remote application when it is locked this way. Since this
problem can only be solved by an administrator procedure, it will lead to additional cost.

Advantageously, the aforementioned method also has the following step. 

• if said enhanced message is rejected by the subscriber identity module, the subscriber
identity module will send an enhanced message including a specific error code that can notify the
message service center of the fact that the enhanced message it just transmitted has been rejected
due to the synchronization problem of the counter to the message service center.

This is applicable particularly to the case when two consecutive messages with current
values of the synchronization counter of N and N+1 are not received in their transmission order.
In fact, since the second message is rejected (to be explained later) when the first received
message is accepted, it is advantageous to notify the sender of the rejection reason, that is, the
synchronization problem.

It can be understood that when the SIM receives the first message (value N+1), the
previous value stored in the module is N-1. Therefore, the current value of the first message
equal to N+1 is larger than said value N-1. Then, the previous value is updated by the current
value of the first message. Consequently, when the SIM receives the second message, the
previous value stored in the module is N+1. Consequently, the current value of the second
message equal to N is smaller than the previous value N+1, and the second message is rejected
because of the synchronization problem.

Advantageously, the main body of said enhanced message transmitted by the message
service center to the mobile station also has a third field storing a first piece of locating
information indicating the location in said data storage means where said previous value of the
synchronization counter is stored.

The following steps are carried out before the subscriber identity module compares the
current value and the previous value of the synchronization counter:

• the subscriber identity module reads the first piece of locating information stored in the
third field of said enhanced message;

• the subscriber identity module deduces the previous value of the synchronization
counter from the piece of locating information;

• the subscriber identity module reads the previous value of the synchronization counter
stored at the aforementioned location.

In an embodiment of the present invention, said enhanced message transmitted by the
message service center to the mobile station also has a fourth field storing a ciphertext known as
transmitted ciphertext calculated by at least partially using the content of the second field storing
the current value of the synchronization counter.

The aforementioned process also has the following steps:

• the subscriber identity module at least partially uses the content of the second field in
said enhanced message to calculate a local ciphertext;

• the subscriber identity module compares said transmitted ciphertext with said local
ciphertext such that said enhanced message is accepted if the transmitted ciphertext is the same
as the local ciphertext and is rejected otherwise.

Advantageously, said subscriber identity module stores a cryptographic function and an
associated key specific to said remote application in the data storage means of the subscriber
identity module to calculate said local ciphertext.

Said enhanced message transmitted by the message service center to the mobile station
also has a fifth field storing a third piece of locating information indicating the location in said
data storage means where said cryptographic function and said associated key specific to said
remote application are stored.

The aforementioned step of calculating the local ciphertext by the subscriber identity
module has the following steps:

• the subscriber identity module reads said third piece of locating information stored in
the fifth field of said enhanced message;

• the subscriber identity module deduces the storage locations of said cryptographic
function and said associated key from the piece of locating information;

• the subscriber identity module uses said cryptographic function and said associated key
as well as at least part of the content of the second field in said enhanced message to calculate
said local ciphertext.

In an advantageous embodiment of the present invention wherein the data storage means
of the subscriber identity module has a hierarchical structure of at least three levels and having at
least the following three kinds of files:

• master file, or primary directory;

• dedicated file or secondary directory located under said master file;

• elementary file located under said dedicated file known as parent dedicated file or
directly located under said master file known as parent master file,

said method is characterized by the following facts: an elementary system file (EF SMS
System) suitable for said remote application has a second piece of locating information
indicating the location in the data storage means of the subscriber identity module where said
previous value of the synchronization counter is stored;

said third field also constitutes said fifth field, and said first piece of locating information
also constitutes said third piece of locating information; and

the first piece of locating information stored in said third field is an identifier for
dedicated file (DF) or master file (MF) related to said elementary system file (EF SMS System)
depending on a predetermined search strategy in the data storage means.

Advantageously, the main body of said enhanced message transmitted by the message
service center to the mobile station also has a sixth field storing a checksum known as a
transmitted checksum, the calculation of which at least partially includes the content of the first
field (3) storing remote commands.

Said method also has the following steps:

• the subscriber identity module uses at least part of the content of the first field in said
enhanced message to calculate a local checksum;

• the subscriber identity module compares said transmitted checksum with said local
checksum such that said enhanced message is accepted if said transmitted checksum is the same
as the local checksum and is rejected otherwise.

Other characteristics and merits of the present invention can be understood by reading the
following explanation of the preferable embodiments of the present invention provided as
nonlimiting examples with reference to the attached figures.

• Figure 1 shows a specific embodiment of the enhanced message structure disclosed in
the present invention.

• Figures 2-4 show examples of exchanging enhanced messages with security by using
the method of the present invention.

• Figure 5 shows an example of calculating the ciphertext used in the method of the
present invention.

• Figure 6 shows a simple flow chart of a specific embodiment of the method disclosed in
the present invention.

• Figures 7-9 show the details of the steps in the flow chart shown in Figure 6.

The present invention pertains to a particular enhanced message structure and to a
method for synchronizing and ensuring the security of exchanging the enhanced messages
having said structure.

In a specific embodiment to be explained below as a nonlimiting example, the cellular
radio communication system is of the GSM type and uses enhanced short message service
("ESMS").

Of course, the present invention is not limited to the GSM system but can be applied to
all cellular radio communication systems that provide enhanced message service.

Conventionally, in the case of GSM, enhanced short messages are exchanged between a
short message service center (SMS-C) and one or a plurality of mobile stations (MS). Each
mobile station is constituted with a terminal cooperating with a subscriber identity module
(SIM). The terminal has an enhanced message reception means. The SIM is equipped with
means for storing and processing the received enhanced messages. Each enhanced message has
remote commands belonging to a remote application of the SIM. The SIM is equipped with a
means for executing these remote commands to support said remote application (possibly
others).

Figure 1 shows a specific embodiment of the enhanced message structure disclosed in the
present invention.

Conventionally, an enhanced message has a header 1 and a main body 2 (or TP-UD,
"Transfer layer protocol-user data"). Main body 2 particularly has a "command" field 3 storing
remote commands.

According to the present invention, the objects of the commands are the conventional
(operation or management) commands defined in GSM 11.11, ISO 7816-4 or EN 726-3, such as
SELECT, UPDATE BINARY, UPDATE RECORD, SEEK, CREATE FILE,
CREATE RECORD, EXTEND, and the like. In other words, the format of these remote
commands is the same as the local commands received by the input/output line of the SIM.
Consequently, the SIM can process the remote commands in the same way as the local
commands.

In the embodiment shown in Figure 1, the main body 2 of the enhanced message in the
present invention also has "synchronization counter" field 4, "system" field 5, "SMS certificate"
field 6, and "SMS-ID" field 7.

In the following, the main body 2 of the enhanced message and the contents of fields 4-7
will be explained in detail.

"Synchronization counter" field 4 stores the current value of the synchronization counter.
As to be explained in detail based on Figures 6 and 8, the current value of the synchronization
counter is compared with the previous value of the same synchronization counter stored in the
data storage means of the SIM. The enhanced message is accepted or rejected by the SIM
depending on the comparison result.

"System" field 5 stores the piece of locating information of a system file in the data
storage means of the SIM, with the system itself directly including the elements suitable for the
message sending remote application or other locating information of said elements in the data
storage means of the SIM.

The elements suitable for sending the remote application refer to the previous value of the
synchronization counter as well as a cryptographic function and its associated key (the last two
elements can be used to calculate the "local" ciphertext compared with the "transmitted"
ciphertext stored in "SMS certificate" field 6).

It is well known that the subscriber identity module having a hierarchical structure of at
least three levels can be provided to the SIM, with at least the following three kinds of files:

• master file (MF), or primary directory;

• dedicated file (DF) or secondary directory located under said master file;

• elementary file (EF) located under said dedicated file known as parent dedicated file or
directly located under said master file known as parent master file.

In the case of this hierarchical structure, said system file of the present invention is, for
example, an elementary system file (EF SMS System). In this case, the piece of locating
information stored in "system" field 5 is an identifier ("input DF") for dedicated file (DF) or
master file (MF) related to said elementary system file (EF SMS System) depending on a
predetermined search strategy in the data storage means.

For example, the SIM can use an upstream retrieval mechanism (of the "backtracking"
type) comprised of the following steps:

• first, retrieving the elementary system file under the dedicated file or the current master
file (that is, the file indicated by the "input DF" identifier);

• then, if there is no elementary system file under the dedicated file or the current master
file and the "input DF" identifier does not indicate the master file, retrieving the elementary file
directly under the master file.

In this way, the SIM reads the "input DF" identifier included in "system" field 5 of the
enhanced message. The elementary system file linked to the message sending remote application
can be found from said "input DF" identifier. In said elementary file, for example, the SIM reads
the following:

• directly, the current value of the synchronization counter; and

• the identifier of a dedicated file under which EF key_op including a pair (cryptographic
function, associated key) associated with the message sending remote application is present.

"SMS certificate" field 6 stores ciphertext (referred to as "transmitted ciphertext"
hereinafter). As to be explained in detail based on Figures 6 and 9, said transmitted ciphertext is
compared with a local ciphertext calculated separately by the SIM. The enhanced message is
accepted or rejected by the SIM depending on the comparison result.

In the following, an embodiment of calculating the SMS-Cert transmitted ciphertext (this
calculation is, of course, the same as that for the local ciphertext) will be introduced. One has the
following relationship:

SMS-Cert = the least significant four bytes of [MAC_Alg_algo_id (K_appli, SMS_data)], wherein

• Alg_algo_id is an algorithm associated with the remote application (this algorithm can be
located by the elementary system file (EF SMS System) to which said remote application
belongs);

• K_appli is a secret (or public) key associated with algorithm Alg_algo_id;

• "SMS_data" = Sync | Application message, wherein

• "|" represents the concatenation operator;

• "Sync" is the value of the synchronization counter (current value in the case of
calculating the transmitted ciphertext);

• "Application message" is the content of "command" field 3 (storing the remote
commands);

• MAC_Alg_algo_id is a function based on Alg_algo_id that uses key K_appli to realize "MAC"
type ("message authentication code") calculation with respect to the SMS_data concatenation.

Figure 5 shows an example of calculating SMS-Cert transmitted ciphertexts when
algorithm Alg_algo_id is MoU A3A8. Of course, however, algorithm A3A8 is only an application
example. It is also possible to use other algorithms. In particular, the algorithm used is specified
(by algorithm identifier) for specific applications during implementation in more fields.

The SMS_data concatenation is divided into n blocks B1, B2, ..., Bn-1, Bn with n ≤ 9. Blocks B1
to Bn, for example, have 16 bytes.

When a last block Bn having 16 bytes cannot be obtained from the SMS_data concatenation, the
last block is shifted to the left, and the right side is made up by the bytes with value 0 to form a
block having 16 bytes known as B'n. These blocks are included in the following calculation:

I1 = A3A8 (K_appli, B1)

In is the result of function MAC_A3A8. XOR is an operator that realizes "exclusive-OR"
in bit unit between two chains of 16 bytes.

"SMS-Id" field 7 includes the checksum (referred to as "transmitted checksum"
hereinafter). As to be explained more accurately below based on Figures 6 and 7, said
transmitted checksum is compared with a local checksum calculated separately by the SIM. The
enhanced message is accepted or rejected by the SIM depending on the comparison result.

In the following, an embodiment of calculating the SMS-Id transmitted checksum (this
calculation is, of course, the same as that for the local checksum) will be introduced. One has the
following relationship:

SMS_Id = NON(Σ bytes of "command" field 3).

Figure 6 shows the simple flow chart of a specific embodiment disclosed in the present
invention for synchronizing and ensuring the security of exchanging enhanced messages having
the structure shown in Figure 1.

In this embodiment, the method of the present invention particularly has the following
steps:

• The message service center sends an enhanced message to the SIM of a mobile station
(61).

• The SIM checks the transmitted checksum included in "SMS-Id" field 7 of the enhanced
message (62).

• If the result of checking the transmitted checksum is incorrect (63), the SIM rejects the
enhanced message. Otherwise (64), the SIM checks the current value of the synchronization
counter included in "synchronization counter" field 4 (65).

• If the result of checking the current value of the synchronization counter is incorrect
(66), the SIM rejects the enhanced message. Otherwise (67), the SIM immediately updates the
previous value of the synchronization counter by the current value before conducting any other
checks. Then, it checks the transmitted ciphertext included in "SMS certificate" field 6 (68).

• If the result of checking the transmitted ciphertext is incorrect (69), the SIM rejects the
enhanced message. Otherwise (610), the SIM executes the remote commands included in
"command" field 3 (611).

As shown in detail in Figure 7, the step of checking the transmitted checksum (62) has the
following steps:

• The SIM reads the transmitted checksum in "SMS-Id" field 7 of the enhanced message
(71).

• The SIM calculates the local checksum by following the same calculation principle as
that used for calculating the transmitted checksum (72).

• The SIM compares the transmitted checksum with the local checksum (73).

In this way, in the first stage of verification, the enhanced message is accepted (64) if the
transmitted checksum is the same as the local checksum. Otherwise, the enhanced message is
rejected (63).

As shown in detail in Figure 8, the step of checking the current value of the
synchronization counter (65) has the following steps:

• The SIM reads the current value of the synchronization counter in "synchronization
counter" field 4 (81).

• The SIM reads the piece of locating information of the system file (EF SMS System) in
"system" field 5 of the enhanced message (82). As explained above, this piece of locating
information is the "input DF" identifier of the dedicated file (DF) or master file (MF) associated
with the elementary system file (EF SMS System).

• The SIM deduces the location of the system file (EF SMS System) including the
previous value of the synchronization counter in the data storage means of the SIM from said
piece of locating information (83).

• The SIM reads the previous value of the synchronization counter in the system file (EF
SMS System) (84).

• The SIM compares the current value of the synchronization counter with the previous
value stored in the SIM (85).

• In this second stage of verification, if the current value is definitely larger than the
previous value of the synchronization counter (67), the SIM will accept the enhanced message.
Then, the SIM will update the previous value with the current value (86).

• If the current value is equal to or smaller than the previous value of the synchronization
counter (66), the SIM will reject the enhanced message. In this case, the SIM can return an
enhanced message including a specific code to the message service center to notify the message
service center that the enhanced message that it has just sent was rejected due to synchronization
problem of the counter (87).

For example, it is possible to decide to increase the current value of the synchronization
counter by a prescribed amount (for example, equal to 1) for each enhanced message newly sent
by the message service center. In this case, the enhanced message is accepted by the SIM only
when the current value of the synchronization counter included in the enhanced message is larger
than the previous value stored in the SIM.

The step 86 of updating the previous value of the synchronization counter by the current
value can also be carried out only when the difference between the current value and the
previous value of the synchronization counter is smaller than a prescribed maximum increment.

Figures 2-4 show different examples of exchanging enhanced messages with security
according to the present invention. Each of these figures shows the variation in the current value
of the synchronization counter represented by E_Sync (in "outside", on the left) and the variation
in the stored value represented by S_Sync (in the SIM on the right). Each arrow represents a
message.

In the first case (see Figure 2), synchronization and transmission of enhanced message
are correct. In this case, E_Sync (=1) > S_Sync (=0). The previous value is updated to 1, and the
remote commands are executed.

In the second case (see Figure 3), a problem occurs during transmission of an enhanced
message. The SIM does not respond. On the other hand, the second transmission attempt is
successful free of problem. Finally, E_Sync (=3) > S_Sync (=1). The previous value is updated
to 3, and the remote commands are executed.

In the third case (see Figure 4), a synchronization problem occurs at the beginning. In
fact, E_Sync (=1) < S_Sync (=5). A plurality of enhanced messages including the current value
incremented sequentially are transmitted until the message service center is resynchronized with
the SIM. This is the case in which E_Sync (=6) > S_Sync (=5). In this case, the previous value is
updated to 6, and the remote commands are executed.

As shown in detail in Figure 9, the process of checking the transmitted ciphertext (68)
includes the following different steps:

• The SIM reads the current value of the synchronization counter in "SMS certificate"
field 6 (91).

• The SIM calculates the local ciphertext by following the same calculation principle as
that used for calculating the transmitted ciphertext (92).

• The SIM compares the transmitted ciphertext with the local ciphertext (93).

In this way, in the third stage of verification, the enhanced message is accepted if the
transmitted ciphertext is the same as the local ciphertext (610). Otherwise, the enhanced message
is rejected (69).

As shown in detail in Figure 9, the step of calculating the local ciphertext 92 has the
following steps:

• The SIM reads the piece of locating information of the system file (EF SMS System) in
the "system" field 5 of the enhanced message (94).

• The SIM deduces the location of the system file (EF SMS System) in the data storage
means of the SIM from the piece of locating information (95). The system file itself includes
other locating information that enables the SIM to find the cryptographic function linked with the
enhanced message sending remote application and its associated key.

• The SIM uses the cryptographic function and its associated key to calculate the local
ciphertext as described above (96).

In this case, the step 94 and the beginning of the step 95 have actually already been
carried out in order to find the previous value of the synchronization counter (it is directly stored
in the system file (EF SMS System)) as explained above.
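The three verification stages of Figures 6-9, in the order the text gives them, as an added example that is not part of the patent text. Assumptions: HMAC-SHA256 cut to 16 bytes stands in for A3A8, the XOR chaining between blocks, a 4-byte counter encoding, a one-byte checksum, rejection when the jump reaches the maximum increment, and all class, function and key names.

```python
import hashlib
import hmac
from dataclasses import dataclass

BLOCK = 16      # block size given in the text
MF = 0x3F00     # master file identifier (3F00 in GSM 11.11)

def block_fn(key: bytes, block: bytes) -> bytes:
    """Stand-in for A3A8(K_appli, B): HMAC-SHA256 cut to 16 bytes (assumption)."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def sms_cert(key: bytes, sync: int, command: bytes) -> bytes:
    """SMS-Cert: least significant 4 bytes of MAC(K_appli, Sync | command)."""
    data = sync.to_bytes(4, "big") + command        # 4-byte counter: assumption
    data += b"\x00" * (-len(data) % BLOCK)          # last block zero-padded on the right
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    state = block_fn(key, blocks[0])                # I1 = F(K_appli, B1)
    for blk in blocks[1:]:                          # XOR chaining: assumption
        state = block_fn(key, bytes(a ^ b for a, b in zip(state, blk)))
    return state[-4:]

def sms_id(command: bytes) -> int:
    """SMS_Id = NON(sum of command bytes); one-byte width is an assumption."""
    return ~sum(command) & 0xFF

@dataclass
class EnhancedMessage:
    command: bytes  # field 3
    sync: int       # field 4
    system: int     # field 5 ("input DF" identifier)
    cert: bytes     # field 6
    sms_id: int     # field 7

def build(key: bytes, sync: int, system: int, command: bytes) -> EnhancedMessage:
    """Sender side: fill fields 4-7 for a command."""
    return EnhancedMessage(command, sync, system,
                           sms_cert(key, sync, command), sms_id(command))

class Sim:
    def __init__(self, system_files: dict, max_increment: int = 16):
        # system_files maps a DF/MF identifier to its EF SMS System content
        self.system_files = system_files
        self.max_increment = max_increment
        self.executed = []

    def find_system_file(self, input_df: int):
        """Search under the input DF, then directly under the master file."""
        return self.system_files.get(input_df) or self.system_files.get(MF)

    def receive(self, msg: EnhancedMessage) -> str:
        # Stage 1 (62): unkeyed checksum, catches accidental damage cheaply.
        if sms_id(msg.command) != msg.sms_id:
            return "REJECT_CHECKSUM"
        ef = self.find_system_file(msg.system)
        if ef is None:
            return "REJECT_NO_SYSTEM_FILE"
        # Stage 2 (65): counter must grow, by less than the maximum increment.
        delta = msg.sync - ef["sync"]
        if delta <= 0 or delta >= self.max_increment:
            return "REJECT_SYNC"
        ef["sync"] = msg.sync   # step 86: stored before the ciphertext check
        # Stage 3 (68): keyed check over counter and command, constant-time compare.
        if not hmac.compare_digest(sms_cert(ef["key"], msg.sync, msg.command), msg.cert):
            return "REJECT_CERT"
        self.executed.append(msg.command)   # step 611
        return "ACCEPT"

def demo():
    key = b"constructed-key!"                        # constructed sample key
    cmd = bytes.fromhex("a0a40000026f3a")            # constructed command bytes
    sim = Sim({0x7F20: {"sync": 4, "key": key}})     # constructed DF id, stored N-1 = 4
    first, late = build(key, 6, 0x7F20, cmd), build(key, 5, 0x7F20, cmd)
    results = [sim.receive(first),                   # N+1 arrives first
               sim.receive(late),                    # N arrives afterwards
               sim.receive(first)]                   # replay of an accepted message
    damaged = build(key, 7, 0x7F20, cmd)
    damaged.command = cmd[:-1] + b"\x00"             # accidental modification
    results.append(sim.receive(damaged))
    bad_cert = build(key, 8, 0x7F20, cmd)
    bad_cert.cert = bytes([bad_cert.cert[0] ^ 1]) + bad_cert.cert[1:]
    results.append(sim.receive(bad_cert))
    results.append(sim.receive(build(key, 8 + 16, 0x7F20, cmd)))  # jump too large
    return results, sim.system_files[0x7F20]["sync"], sim.executed

if __name__ == "__main__":
    print(demo())
```

Because step 86 runs before the ciphertext check, the stored counter ends at 8 even though that message was rejected; in this sketch the maximum-increment bound is what limits how far a rejected message can move it.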

Certainly, the present invention can be embodied in many other ways.

For example, it is also possible to have two different system files in order to find the
previous value of the synchronization counter and the cryptographic function and its associated
key. In this case, there are two "system" fields represented by symbol

It is also possible to use a public key type cryptographic function.

Finally, the step of checking the checksum 62 can be omitted in some cases in the same
way the step of checking the ciphertext 68.

[Fig. 4. Key: A Outside; B Execute command; C Yes; D No; E Error.]

[Fig. 5. Key: A 16 bytes with value 00h; B (16 bytes); C (4 bytes); D Exclusive-OR.]

[Flow chart (steps 61-611): Send message (61); Check the checksum (62), No (63) / Yes (64); Check the synchronization counter (65), No (66) / Yes (67); Update the counter (86); Check the ciphertext (68), No (69) / Yes (610); Execute remote command (611); End.]

[Flow chart figures. Key: A End.]
(72) Inventor: Cedric Huet